[ 35.606789][ T25] audit: type=1800 audit(1554611810.673:27): pid=7476 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 35.636212][ T25] audit: type=1800 audit(1554611810.673:28): pid=7476 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 36.441905][ T25] audit: type=1800 audit(1554611811.553:29): pid=7476 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 36.462782][ T25] audit: type=1800 audit(1554611811.553:30): pid=7476 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.195' (ECDSA) to the list of known hosts. 2019/04/07 04:37:05 fuzzer started 2019/04/07 04:37:08 dialing manager at 10.128.0.26:34543 2019/04/07 04:37:08 syscalls: 2408 2019/04/07 04:37:08 code coverage: enabled 2019/04/07 04:37:08 comparison tracing: enabled 2019/04/07 04:37:08 extra coverage: extra coverage is not supported by the kernel 2019/04/07 04:37:08 setuid sandbox: enabled 2019/04/07 04:37:08 namespace sandbox: enabled 2019/04/07 04:37:08 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 04:37:08 fault injection: enabled 2019/04/07 04:37:08 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 04:37:08 net packet injection: enabled 2019/04/07 04:37:08 net device setup: enabled 04:39:08 executing program 0: perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x21) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f0000000440)={0x803, 0x7fff, 0x9, 'queue1\x00', 0x9}) getsockname$unix(r0, &(0x7f0000000040)=@abs, &(0x7f00000002c0)=0x6e) r2 = openat$zero(0xffffffffffffff9c, 0x0, 0x4800, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x1) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f00000007c0)={0xce68, 0x0, 0x1, 'queue1\x00'}) unlinkat(r2, &(0x7f0000000640)='./file0\x00', 0x200) syzkaller login: [ 173.513165][ T7642] IPVS: ftp: loaded support on port[0] = 21 04:39:08 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'morus640\x00'}, 0x58) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x200) [ 173.639725][ T7642] chnl_net:caif_netlink_parms(): no params data found [ 173.732710][ T7645] IPVS: ftp: loaded support on port[0] = 21 [ 173.747603][ T7642] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.772217][ T7642] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.780444][ T7642] device bridge_slave_0 entered promiscuous mode [ 173.790658][ T7642] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.797857][ T7642] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.805725][ T7642] device bridge_slave_1 entered promiscuous mode [ 173.844679][ T7642] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 173.857052][ T7642] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 173.883909][ T7642] team0: Port device team_slave_0 added 04:39:09 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffa5}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) [ 173.901237][ T7642] team0: Port device team_slave_1 added [ 173.984235][ T7642] device hsr_slave_0 entered promiscuous mode 04:39:09 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x20800000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x10000}) perf_event_open(&(0x7f0000000040)={0x0, 0x23b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) fstat(r2, &(0x7f0000000140)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004}) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 174.092221][ T7642] device hsr_slave_1 entered promiscuous mode [ 174.160769][ T7642] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.168085][ T7642] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.176110][ T7642] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.183246][ T7642] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.227511][ T7647] IPVS: ftp: loaded support on port[0] = 21 [ 174.267651][ T7649] IPVS: ftp: loaded support on port[0] = 21 04:39:09 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memt\x00\x8a\x11>\xe2\xf5bYQ\xf6\xf2\x8cro\xf8&\xbdL\x18\xbb\xfa`\xa8<\x9f\xb5\x03/\xb4\x93\xd0\xa5\xa0\nf\x18\xfd-b\xc2s\xccV\x0e3', 0x26e1, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x40086602, &(0x7f0000000140)) write$cgroup_int(r1, &(0x7f0000000080), 0xffffff19) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000000)={0x0, 0x4}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0xbcda34450b800b7a, 0x40000000000a132, 0xffffffffffffffff, 0x0) [ 174.321458][ T7645] chnl_net:caif_netlink_parms(): no params data found [ 174.495539][ T7649] chnl_net:caif_netlink_parms(): no params data found [ 174.506635][ T7642] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.549407][ T7645] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.556969][ T7645] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.564994][ T7645] device bridge_slave_0 entered promiscuous mode [ 174.573120][ T7645] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.580250][ T7645] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.588206][ T7645] device bridge_slave_1 entered promiscuous mode [ 174.605210][ T7645] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 174.621462][ T7642] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.643245][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 174.656868][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.676103][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.686045][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready 04:39:09 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="ab8cce9aa8bc2038bdd0b55368d7205869e899b729c8c77f169e35b495a40bb6c211c80eb7ea5b2a7058ade301e3a620c6a41d3619d57f7833c5813e322e68bfea8b79a6698e3fc5a87fb2da49a0d50b556ee26170101476ee960092e5ae338abd3d6c946908329e538bd8c0fe742f652df4bf9cb182d00d5c02531c17da3654f6fb1b1671a8ca3faf760c2e3abc10801dbc1651fa090c695d8c679d1ad1530f0f299eb65aded0bddc502c0a7f77a31caf86b2232ce027e1818e9c89bdea33e1cb169c8e4da6f8431aabbd4c2cccce98d2c4162f1754165652014107bcb1715b96287c6051f4a049658d026e0fa510e1379ea3037420e4bcf805d89ac9ce7108a03b8ed19ac6e7d372f42e5de56fd405309458a8269139fc3b9a5a4af5a276577a8a2b21778d072433333ad038301deac5b99c4fd0d26d238e454feb95370924a23cde"], 0x143) [ 174.702130][ T7645] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.705270][ T7654] IPVS: ftp: loaded support on port[0] = 21 [ 174.756804][ T7645] team0: Port device team_slave_0 added [ 174.807196][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 174.816210][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 174.831498][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.838731][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.846490][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 174.855340][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 174.864071][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.871126][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.878774][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 174.887506][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 174.896214][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 174.904657][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 174.913285][ T7649] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.920568][ T7649] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.928501][ T7649] device bridge_slave_0 entered promiscuous mode [ 174.937129][ T7649] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.944342][ T7649] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.952472][ T7649] device bridge_slave_1 entered promiscuous mode [ 174.963999][ T7645] team0: Port device team_slave_1 added [ 174.985844][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 174.995067][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 175.004088][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 175.016744][ T7642] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 175.027989][ T7642] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 175.053045][ T7649] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.064481][ T7649] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.078664][ T7647] chnl_net:caif_netlink_parms(): no params data found [ 175.088086][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 175.098507][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 175.107160][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 175.115840][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 175.124601][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 175.152672][ T7659] IPVS: ftp: loaded support on port[0] = 21 [ 175.195199][ T7645] device hsr_slave_0 entered promiscuous mode [ 175.242376][ T7645] device hsr_slave_1 entered promiscuous mode [ 175.295929][ T7649] team0: Port device team_slave_0 added [ 175.328595][ T7647] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.336017][ T7647] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.344068][ T7647] device bridge_slave_0 entered promiscuous mode [ 175.353826][ T7649] team0: Port device team_slave_1 added [ 175.370185][ T7647] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.377669][ T7647] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.385341][ T7647] device bridge_slave_1 entered promiscuous mode [ 175.409115][ T7647] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.418866][ T7647] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.437530][ T7642] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.477580][ T7647] team0: Port device team_slave_0 added [ 175.485140][ T7647] team0: Port device team_slave_1 added [ 175.565554][ T7649] device hsr_slave_0 entered promiscuous mode [ 175.622062][ T7649] device hsr_slave_1 entered promiscuous mode [ 175.680428][ T7654] chnl_net:caif_netlink_parms(): no params data found [ 175.775198][ T7647] device hsr_slave_0 entered promiscuous mode [ 175.832240][ T7647] device hsr_slave_1 entered promiscuous mode [ 175.894408][ C0] hrtimer: interrupt took 28221 ns [ 175.923985][ T7654] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.931118][ T7654] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.942003][ T7654] device bridge_slave_0 entered promiscuous mode [ 175.949778][ T7654] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.957355][ T7654] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.965566][ T7654] device bridge_slave_1 entered promiscuous mode 04:39:11 executing program 0: perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x21) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f0000000440)={0x803, 0x7fff, 0x9, 'queue1\x00', 0x9}) getsockname$unix(r0, &(0x7f0000000040)=@abs, &(0x7f00000002c0)=0x6e) r2 = openat$zero(0xffffffffffffff9c, 0x0, 0x4800, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x1) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f00000007c0)={0xce68, 0x0, 0x1, 'queue1\x00'}) unlinkat(r2, &(0x7f0000000640)='./file0\x00', 0x200) [ 176.007314][ T7659] chnl_net:caif_netlink_parms(): no params data found [ 176.057498][ T7645] 8021q: adding VLAN 0 to HW filter on device bond0 04:39:11 executing program 0: signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd) write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$inet(r0, &(0x7f0000000080), &(0x7f00000001c0)=0x10) unlink(0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000680)={0x0, @in={{0x2, 0x4e22, @dev}}, 0x3ff, 0x0, 0x401, 0xf1, 0x4}, 0x98) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) mkdir(&(0x7f0000001540)='./file0\x00', 0x0) ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f00000000c0)) [ 176.110592][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 176.126427][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 176.149627][ T7645] 8021q: adding VLAN 0 to HW filter on device team0 [ 176.176202][ T7654] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 176.231114][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 176.259057][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.268425][ T7651] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.275652][ T7651] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.288486][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 176.297913][ T7654] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 176.309918][ T7659] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.317287][ T7659] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.328412][ T7659] device bridge_slave_0 entered promiscuous mode [ 176.330734][ T7674] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 176.345909][ T7674] FAT-fs (loop0): Filesystem has been set read-only [ 176.357604][ T7674] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) [ 176.373594][ T25] audit: type=1804 audit(1554611951.483:31): pid=7676 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir850026289/syzkaller.t2Y34Z/2/file0/file0" dev="loop0" ino=3 res=1 [ 176.401138][ T7676] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 176.419957][ T7654] team0: Port device team_slave_0 added [ 176.429741][ T7676] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) [ 176.439380][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.448786][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.457756][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.464950][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state 04:39:11 executing program 0: signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd) write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$inet(r0, &(0x7f0000000080), &(0x7f00000001c0)=0x10) unlink(0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000680)={0x0, @in={{0x2, 0x4e22, @dev}}, 0x3ff, 0x0, 0x401, 0xf1, 0x4}, 0x98) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) mkdir(&(0x7f0000001540)='./file0\x00', 0x0) ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f00000000c0)) [ 176.474822][ T7674] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 176.476005][ T7649] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.485201][ T7674] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) [ 176.495115][ T7659] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.508359][ T7659] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.520552][ T7659] device bridge_slave_1 entered promiscuous mode [ 176.546064][ T7654] team0: Port device team_slave_1 added [ 176.577512][ T7649] 8021q: adding VLAN 0 to HW filter on device team0 [ 176.593954][ T7659] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 176.622343][ T7659] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 176.637305][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 176.659806][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 176.682867][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.691509][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.700539][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.715674][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.728792][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 176.733308][ T7682] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 176.739947][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 176.745929][ T7682] FAT-fs (loop0): Filesystem has been set read-only [ 176.756784][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 176.762715][ T7682] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) [ 176.771559][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 176.793503][ T7645] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network 04:39:11 executing program 0: signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd) write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$inet(r0, &(0x7f0000000080), &(0x7f00000001c0)=0x10) unlink(0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000680)={0x0, @in={{0x2, 0x4e22, @dev}}, 0x3ff, 0x0, 0x401, 0xf1, 0x4}, 0x98) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) mkdir(&(0x7f0000001540)='./file0\x00', 0x0) ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f00000000c0)) [ 176.812058][ T7645] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 176.830818][ T7647] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.894245][ T7654] device hsr_slave_0 entered promiscuous mode [ 176.922850][ T7654] device hsr_slave_1 entered promiscuous mode [ 176.963584][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 176.973642][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 176.982238][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 176.991047][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.000199][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.009351][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.015961][ T7688] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 177.016451][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.028252][ T7688] FAT-fs (loop0): Filesystem has been set read-only [ 177.045125][ T7688] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) [ 177.047757][ T7645] 8021q: adding VLAN 0 to HW filter on device batadv0 04:39:12 executing program 0: signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd) write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$inet(r0, &(0x7f0000000080), &(0x7f00000001c0)=0x10) unlink(0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000680)={0x0, @in={{0x2, 0x4e22, @dev}}, 0x3ff, 0x0, 0x401, 0xf1, 0x4}, 0x98) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) mkdir(&(0x7f0000001540)='./file0\x00', 0x0) ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f00000000c0)) [ 177.079494][ T7659] team0: Port device team_slave_0 added [ 177.090805][ T7655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.099217][ T7655] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.108275][ T7655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.117364][ T7655] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.124941][ T7655] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.133387][ T7655] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 177.148105][ T7647] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.163591][ T7659] team0: Port device team_slave_1 added [ 177.170154][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.179752][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.187694][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 177.197014][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 177.206335][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.270645][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 177.293812][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.308783][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.320004][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.327425][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.336298][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.345963][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.363915][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.371158][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.382793][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 177.392421][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.401307][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.410012][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 177.419299][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 177.431402][ T7649] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 177.433959][ T7694] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 177.446191][ T7649] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 177.462348][ T7694] FAT-fs (loop0): Filesystem has been set read-only 04:39:12 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000340)={0x1, 0x0, @ioapic={0x0, 0x0, 0xffffffff, 0x0, 0x0, [{0x1}, {}, {0x0, 0x0, 0x10001}, {0x0, 0x0, 0x9}, {0x0, 0x9, 0x0, [], 0x7}, {}, {0x0, 0x0, 0x0, [], 0x5}, {0x0, 0x6, 0x20}, {}, {}, {0x0, 0x2d97}, {}, {}, {0x0, 0x0, 0x44}, {}, {}, {}, {0x9}, {0x4}, {}, {}, {0x0, 0xffffffffffff0000}, {0x0, 0x40}]}}) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000000)={0x9, 0x10001}) [ 177.470347][ T7647] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 177.478580][ T7694] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) [ 177.482264][ T7647] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network 04:39:12 executing program 0: signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd) write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$inet(r0, &(0x7f0000000080), &(0x7f00000001c0)=0x10) unlink(0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000680)={0x0, @in={{0x2, 0x4e22, @dev}}, 0x3ff, 0x0, 0x401, 0xf1, 0x4}, 0x98) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) mkdir(&(0x7f0000001540)='./file0\x00', 0x0) [ 177.538924][ T7659] device hsr_slave_0 entered promiscuous mode [ 177.568784][ T7659] device hsr_slave_1 entered promiscuous mode [ 177.574109][ T7709] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 177.602114][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.610017][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 177.647210][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 177.656402][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 177.666857][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 177.679427][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 04:39:12 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x23) write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="2321202e2f66576c65308b02d290dc57d330ae6f6f00e5aa2966dae73fa5d6867fe7c0eb8b10ce01005b0000d28db00655c39a43"], 0x34) write$binfmt_script(r0, &(0x7f00000001c0)={'#! ', './file0', [], 0xa, "39980cfd42119cc4e10403390a306500"/25}, 0x24) [ 177.691260][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.706879][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.718730][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 177.744820][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 177.753674][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 177.762963][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 177.791190][ T7647] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.804153][ T7720] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7720 [ 177.814247][ T7720] caller is sk_mc_loop+0x1d/0x210 [ 177.819296][ T7720] CPU: 1 PID: 7720 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 177.828321][ T7720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.838530][ T7720] Call Trace: [ 177.841855][ T7720] dump_stack+0x172/0x1f0 [ 177.846216][ T7720] __this_cpu_preempt_check+0x246/0x270 [ 177.851779][ T7720] sk_mc_loop+0x1d/0x210 [ 177.856052][ T7720] ip_mc_output+0x2ef/0xf70 [ 177.860571][ T7720] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 177.865691][ T7720] ? __ip_make_skb+0xf15/0x1820 [ 177.870553][ T7720] ? ip_append_data.part.0+0x170/0x170 [ 177.876121][ T7720] ? dst_release+0x62/0xb0 [ 177.880546][ T7720] ? __ip_make_skb+0xf93/0x1820 [ 177.885402][ T7720] ip_local_out+0xc4/0x1b0 [ 177.889827][ T7720] ip_send_skb+0x42/0xf0 [ 177.894081][ T7720] ip_push_pending_frames+0x64/0x80 [ 177.899406][ T7720] raw_sendmsg+0x1e6d/0x2f20 [ 177.904181][ T7720] ? finish_task_switch+0x46/0x780 [ 177.909333][ T7720] ? compat_raw_getsockopt+0x100/0x100 [ 177.914894][ T7720] ? __sched_text_start+0x8/0x8 [ 177.919758][ T7720] ? preempt_schedule+0x4b/0x60 [ 177.924790][ T7720] ? preempt_schedule_common+0x4f/0xe0 [ 177.930440][ T7720] ? ___might_sleep+0x163/0x280 [ 177.935301][ T7720] ? __might_sleep+0x95/0x190 [ 177.940012][ T7720] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 177.945837][ T7720] ? aa_sk_perm+0x288/0x880 [ 177.950355][ T7720] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 177.955911][ T7720] inet_sendmsg+0x147/0x5e0 [ 177.960454][ T7720] ? compat_raw_getsockopt+0x100/0x100 [ 177.966203][ T7720] ? inet_sendmsg+0x147/0x5e0 [ 177.970898][ T7720] ? ipip_gro_receive+0x100/0x100 [ 177.975935][ T7720] sock_sendmsg+0xdd/0x130 [ 177.980372][ T7720] sock_write_iter+0x27c/0x3e0 [ 177.985164][ T7720] ? sock_sendmsg+0x130/0x130 [ 177.990042][ T7720] ? aa_path_link+0x460/0x460 [ 178.001299][ T7720] ? find_held_lock+0x35/0x130 [ 178.006080][ T7720] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 178.012331][ T7720] ? iov_iter_init+0xee/0x220 [ 178.017019][ T7720] new_sync_write+0x4c7/0x760 [ 178.021713][ T7720] ? default_llseek+0x2e0/0x2e0 [ 178.026720][ T7720] ? common_file_perm+0x238/0x720 [ 178.031760][ T7720] ? __fget+0x381/0x550 [ 178.035929][ T7720] ? apparmor_file_permission+0x25/0x30 [ 178.041574][ T7720] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 178.047828][ T7720] ? security_file_permission+0x94/0x380 [ 178.053475][ T7720] __vfs_write+0xe4/0x110 [ 178.057902][ T7720] vfs_write+0x20c/0x580 [ 178.062162][ T7720] ksys_write+0xea/0x1f0 [ 178.066414][ T7720] ? __ia32_sys_read+0xb0/0xb0 [ 178.071189][ T7720] ? do_syscall_64+0x26/0x610 [ 178.076750][ T7720] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.082836][ T7720] ? do_syscall_64+0x26/0x610 [ 178.087553][ T7720] __x64_sys_write+0x73/0xb0 [ 178.092458][ T7720] do_syscall_64+0x103/0x610 [ 178.097072][ T7720] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.102964][ T7720] RIP: 0033:0x4582b9 [ 178.107043][ T7720] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 178.126911][ T7720] RSP: 002b:00007f0084acdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 178.135543][ T7720] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 178.143629][ T7720] RDX: 0000000000000034 RSI: 0000000020000300 RDI: 0000000000000003 [ 178.151604][ T7720] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 178.159840][ T7720] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0084ace6d4 [ 178.167912][ T7720] R13: 00000000004c7a3b R14: 00000000004ddaf0 R15: 00000000ffffffff [ 178.180760][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.181904][ T7721] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7721 [ 178.197907][ T7721] caller is sk_mc_loop+0x1d/0x210 [ 178.203013][ T7721] CPU: 1 PID: 7721 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 178.211325][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.212360][ T7721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.212366][ T7721] Call Trace: [ 178.212393][ T7721] dump_stack+0x172/0x1f0 [ 178.212419][ T7721] __this_cpu_preempt_check+0x246/0x270 [ 178.212437][ T7721] sk_mc_loop+0x1d/0x210 [ 178.212452][ T7721] ip_mc_output+0x2ef/0xf70 [ 178.212470][ T7721] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 178.212489][ T7721] ? __ip_make_skb+0xf15/0x1820 [ 178.235843][ T7649] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 178.237973][ T7721] ? ip_append_data.part.0+0x170/0x170 [ 178.269324][ T7721] ? dst_release+0x62/0xb0 [ 178.279203][ T7721] ? __ip_make_skb+0xf93/0x1820 [ 178.284268][ T7721] ip_local_out+0xc4/0x1b0 [ 178.288789][ T7721] ip_send_skb+0x42/0xf0 [ 178.293066][ T7721] ip_push_pending_frames+0x64/0x80 [ 178.298283][ T7721] raw_sendmsg+0x1e6d/0x2f20 [ 178.301176][ T7654] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.302889][ T7721] ? compat_raw_getsockopt+0x100/0x100 [ 178.302933][ T7721] ? ___might_sleep+0x163/0x280 [ 178.320028][ T7721] ? __might_sleep+0x95/0x190 [ 178.324840][ T7721] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 178.330518][ T7721] ? aa_sk_perm+0x288/0x880 [ 178.335071][ T7721] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 178.340638][ T7721] inet_sendmsg+0x147/0x5e0 [ 178.344448][ T7654] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.345186][ T7721] ? compat_raw_getsockopt+0x100/0x100 [ 178.357438][ T7721] ? inet_sendmsg+0x147/0x5e0 [ 178.362132][ T7721] ? ipip_gro_receive+0x100/0x100 [ 178.367181][ T7721] sock_sendmsg+0xdd/0x130 [ 178.371617][ T7721] sock_write_iter+0x27c/0x3e0 [ 178.376404][ T7721] ? sock_sendmsg+0x130/0x130 [ 178.381107][ T7721] ? aa_path_link+0x460/0x460 [ 178.385824][ T7721] ? find_held_lock+0x35/0x130 [ 178.390695][ T7721] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 178.396951][ T7721] ? iov_iter_init+0xee/0x220 [ 178.401674][ T7721] new_sync_write+0x4c7/0x760 [ 178.406461][ T7721] ? default_llseek+0x2e0/0x2e0 [ 178.411486][ T7721] ? common_file_perm+0x238/0x720 [ 178.416380][ T7654] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 178.416521][ T7721] ? __fget+0x381/0x550 [ 178.431076][ T7721] ? apparmor_file_permission+0x25/0x30 [ 178.436722][ T7721] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 178.441687][ T7654] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 178.442965][ T7721] ? security_file_permission+0x94/0x380 [ 178.442987][ T7721] __vfs_write+0xe4/0x110 [ 178.463526][ T7721] vfs_write+0x20c/0x580 [ 178.467870][ T7721] ksys_write+0xea/0x1f0 [ 178.472121][ T7721] ? __ia32_sys_read+0xb0/0xb0 [ 178.477064][ T7721] ? do_syscall_64+0x26/0x610 [ 178.481840][ T7721] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.487949][ T7721] ? do_syscall_64+0x26/0x610 [ 178.492643][ T7721] __x64_sys_write+0x73/0xb0 [ 178.497245][ T7721] do_syscall_64+0x103/0x610 [ 178.501854][ T7721] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.503784][ T7654] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 178.507768][ T7721] RIP: 0033:0x4582b9 [ 178.518500][ T7721] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 178.538844][ T7721] RSP: 002b:00007f0084aacc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 178.538859][ T7721] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 178.538866][ T7721] RDX: 0000000000000024 RSI: 00000000200001c0 RDI: 0000000000000003 [ 178.538873][ T7721] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 178.538880][ T7721] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0084aad6d4 [ 178.538894][ T7721] R13: 00000000004c7a3b R14: 00000000004ddaf0 R15: 00000000ffffffff [ 178.603723][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 178.611533][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 178.640890][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.660623][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.671261][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.678485][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.691415][ T7720] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7720 [ 178.692000][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.700992][ T7720] caller is sk_mc_loop+0x1d/0x210 [ 178.714016][ T7720] CPU: 1 PID: 7720 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 178.715120][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.723049][ T7720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.723054][ T7720] Call Trace: [ 178.723081][ T7720] dump_stack+0x172/0x1f0 [ 178.723102][ T7720] __this_cpu_preempt_check+0x246/0x270 [ 178.723118][ T7720] sk_mc_loop+0x1d/0x210 [ 178.723135][ T7720] ip_mc_output+0x2ef/0xf70 [ 178.723151][ T7720] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 178.723164][ T7720] ? __ip_make_skb+0xf15/0x1820 [ 178.723181][ T7720] ? ip_append_data.part.0+0x170/0x170 [ 178.723193][ T7720] ? dst_release+0x62/0xb0 [ 178.723212][ T7720] ? __ip_make_skb+0xf93/0x1820 [ 178.731965][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.741304][ T7720] ip_local_out+0xc4/0x1b0 [ 178.741323][ T7720] ip_send_skb+0x42/0xf0 [ 178.741338][ T7720] ip_push_pending_frames+0x64/0x80 [ 178.741352][ T7720] raw_sendmsg+0x1e6d/0x2f20 [ 178.741375][ T7720] ? compat_raw_getsockopt+0x100/0x100 [ 178.744715][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.748982][ T7720] ? __switch_to_asm+0x40/0x70 [ 178.755076][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.758733][ T7720] ? __schedule+0x81f/0x1cc0 [ 178.758760][ T7720] ? ___might_sleep+0x163/0x280 [ 178.758790][ T7720] ? ___might_sleep+0x163/0x280 [ 178.764166][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.768403][ T7720] ? __might_sleep+0x95/0x190 [ 178.768421][ T7720] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 178.768435][ T7720] ? aa_sk_perm+0x288/0x880 [ 178.768455][ T7720] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 178.768473][ T7720] inet_sendmsg+0x147/0x5e0 [ 178.774179][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.778776][ T7720] ? compat_raw_getsockopt+0x100/0x100 [ 178.778793][ T7720] ? inet_sendmsg+0x147/0x5e0 [ 178.778807][ T7720] ? ipip_gro_receive+0x100/0x100 [ 178.778824][ T7720] sock_sendmsg+0xdd/0x130 [ 178.778842][ T7720] sock_write_iter+0x27c/0x3e0 [ 178.784118][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.788201][ T7720] ? sock_sendmsg+0x130/0x130 [ 178.788227][ T7720] ? aa_path_link+0x460/0x460 [ 178.788240][ T7720] ? find_held_lock+0x35/0x130 [ 178.788253][ T7720] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 178.788271][ T7720] ? iov_iter_init+0xee/0x220 [ 178.796203][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.799699][ T7720] new_sync_write+0x4c7/0x760 [ 178.799718][ T7720] ? default_llseek+0x2e0/0x2e0 [ 178.799749][ T7720] ? common_file_perm+0x238/0x720 [ 178.799768][ T7720] ? __fget+0x381/0x550 [ 178.805849][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.809220][ T7720] ? apparmor_file_permission+0x25/0x30 [ 178.809237][ T7720] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 178.809252][ T7720] ? security_file_permission+0x94/0x380 [ 178.809272][ T7720] __vfs_write+0xe4/0x110 [ 178.814595][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 178.819391][ T7720] vfs_write+0x20c/0x580 [ 178.819412][ T7720] ksys_write+0xea/0x1f0 [ 178.819428][ T7720] ? __ia32_sys_read+0xb0/0xb0 [ 178.819448][ T7720] ? do_syscall_64+0x26/0x610 [ 178.833897][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 178.837883][ T7720] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.837899][ T7720] ? do_syscall_64+0x26/0x610 [ 178.837922][ T7720] __x64_sys_write+0x73/0xb0 [ 178.837944][ T7720] do_syscall_64+0x103/0x610 [ 178.846982][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 178.850764][ T7720] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.850781][ T7720] RIP: 0033:0x4582b9 [ 178.850796][ T7720] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 178.850803][ T7720] RSP: 002b:00007f0084acdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 178.856269][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 178.861454][ T7720] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 178.861462][ T7720] RDX: 0000000000000034 RSI: 0000000020000300 RDI: 0000000000000004 [ 178.861469][ T7720] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 178.861475][ T7720] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0084ace6d4 [ 178.861482][ T7720] R13: 00000000004c7a3b R14: 00000000004ddaf0 R15: 00000000ffffffff [ 178.898384][ T7721] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7721 [ 178.936545][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.940811][ T7721] caller is sk_mc_loop+0x1d/0x210 [ 178.940832][ T7721] CPU: 1 PID: 7721 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 178.958852][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.962706][ T7721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.962711][ T7721] Call Trace: [ 178.962736][ T7721] dump_stack+0x172/0x1f0 [ 178.962757][ T7721] __this_cpu_preempt_check+0x246/0x270 [ 178.962784][ T7721] sk_mc_loop+0x1d/0x210 [ 178.974144][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.981589][ T7721] ip_mc_output+0x2ef/0xf70 [ 178.981608][ T7721] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 178.981621][ T7721] ? __ip_make_skb+0xf15/0x1820 [ 178.981640][ T7721] ? ip_append_data.part.0+0x170/0x170 [ 178.981651][ T7721] ? dst_release+0x62/0xb0 [ 178.981668][ T7721] ? __ip_make_skb+0xf93/0x1820 [ 179.282648][ T7721] ip_local_out+0xc4/0x1b0 [ 179.287139][ T7721] ip_send_skb+0x42/0xf0 [ 179.291364][ T7721] ip_push_pending_frames+0x64/0x80 [ 179.296548][ T7721] raw_sendmsg+0x1e6d/0x2f20 [ 179.301132][ T7721] ? compat_raw_getsockopt+0x100/0x100 [ 179.306708][ T7721] ? __switch_to_asm+0x40/0x70 [ 179.311461][ T7721] ? __schedule+0x81f/0x1cc0 [ 179.316045][ T7721] ? ___might_sleep+0x163/0x280 [ 179.320885][ T7721] ? ___might_sleep+0x163/0x280 [ 179.325720][ T7721] ? __might_sleep+0x95/0x190 [ 179.330384][ T7721] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 179.336004][ T7721] ? aa_sk_perm+0x288/0x880 [ 179.340766][ T7721] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 179.346436][ T7721] inet_sendmsg+0x147/0x5e0 [ 179.350922][ T7721] ? compat_raw_getsockopt+0x100/0x100 [ 179.356360][ T7721] ? inet_sendmsg+0x147/0x5e0 [ 179.361020][ T7721] ? ipip_gro_receive+0x100/0x100 [ 179.366293][ T7721] sock_sendmsg+0xdd/0x130 [ 179.370699][ T7721] sock_write_iter+0x27c/0x3e0 [ 179.375458][ T7721] ? sock_sendmsg+0x130/0x130 [ 179.380659][ T7721] ? aa_path_link+0x460/0x460 [ 179.385341][ T7721] ? find_held_lock+0x35/0x130 [ 179.390106][ T7721] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 179.396418][ T7721] ? iov_iter_init+0xee/0x220 [ 179.401087][ T7721] new_sync_write+0x4c7/0x760 [ 179.405753][ T7721] ? default_llseek+0x2e0/0x2e0 [ 179.410617][ T7721] ? common_file_perm+0x238/0x720 [ 179.415973][ T7721] ? __fget+0x381/0x550 [ 179.420298][ T7721] ? apparmor_file_permission+0x25/0x30 [ 179.426097][ T7721] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 179.432329][ T7721] ? security_file_permission+0x94/0x380 [ 179.438104][ T7721] __vfs_write+0xe4/0x110 [ 179.442602][ T7721] vfs_write+0x20c/0x580 [ 179.446843][ T7721] ksys_write+0xea/0x1f0 [ 179.451112][ T7721] ? __ia32_sys_read+0xb0/0xb0 [ 179.455867][ T7721] ? do_syscall_64+0x26/0x610 [ 179.460529][ T7721] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.466576][ T7721] ? do_syscall_64+0x26/0x610 [ 179.471239][ T7721] __x64_sys_write+0x73/0xb0 [ 179.475818][ T7721] do_syscall_64+0x103/0x610 [ 179.480525][ T7721] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.486402][ T7721] RIP: 0033:0x4582b9 [ 179.490285][ T7721] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 179.510201][ T7721] RSP: 002b:00007f0084aacc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 179.518601][ T7721] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 179.526738][ T7721] RDX: 0000000000000024 RSI: 00000000200001c0 RDI: 0000000000000004 [ 179.534696][ T7721] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 179.542650][ T7721] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0084aad6d4 [ 179.550713][ T7721] R13: 00000000004c7a3b R14: 00000000004ddaf0 R15: 00000000ffffffff 04:39:14 executing program 2: r0 = perf_event_open(&(0x7f0000000300)={0x400000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0) [ 179.657523][ T7659] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.706806][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.719866][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.738490][ T7659] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.753740][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.766950][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.777483][ T7656] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.784632][ T7656] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.808319][ T7655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.822979][ T7655] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.856513][ T7655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.887463][ T7655] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.894633][ T7655] bridge0: port 2(bridge_slave_1) entered forwarding state 04:39:15 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x20800000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x10000}) perf_event_open(&(0x7f0000000040)={0x0, 0x23b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) fstat(r2, &(0x7f0000000140)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004}) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:39:15 executing program 0: signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd) write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$inet(r0, &(0x7f0000000080), &(0x7f00000001c0)=0x10) unlink(0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000680)={0x0, @in={{0x2, 0x4e22, @dev}}, 0x3ff, 0x0, 0x401, 0xf1, 0x4}, 0x98) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) mkdir(&(0x7f0000001540)='./file0\x00', 0x0) [ 179.912589][ T7655] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.930459][ T7655] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.970102][ T7659] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 180.005668][ T7659] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 180.030338][ T7659] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 180.051436][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.060839][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.069963][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.079280][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.100056][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 180.114919][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 180.124013][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 180.132798][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 180.140137][ T7750] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 180.167510][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 180.168293][ T7750] FAT-fs (loop0): Filesystem has been set read-only [ 180.185144][ T7750] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) [ 180.192121][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 180.304773][ T7759] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7759 [ 180.315788][ T7759] caller is ip6_finish_output+0x335/0xdc0 [ 180.321697][ T7759] CPU: 1 PID: 7759 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 180.330897][ T7759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 180.341245][ T7759] Call Trace: [ 180.344735][ T7759] dump_stack+0x172/0x1f0 [ 180.349102][ T7759] __this_cpu_preempt_check+0x246/0x270 [ 180.354647][ T7759] ip6_finish_output+0x335/0xdc0 [ 180.359671][ T7759] ip6_output+0x235/0x7f0 [ 180.364115][ T7759] ? ip6_finish_output+0xdc0/0xdc0 [ 180.369213][ T7759] ? ip6_fragment+0x3980/0x3980 [ 180.374045][ T7759] ? retint_kernel+0x2d/0x2d [ 180.378630][ T7759] ip6_local_out+0xc4/0x1b0 [ 180.383113][ T7759] ip6_send_skb+0xbb/0x350 [ 180.387518][ T7759] ip6_push_pending_frames+0xc8/0xf0 [ 180.392984][ T7759] rawv6_sendmsg+0x299c/0x35e0 [ 180.397742][ T7759] ? rawv6_getsockopt+0x150/0x150 [ 180.402839][ T7759] ? aa_profile_af_perm+0x320/0x320 [ 180.408546][ T7759] ? trace_hardirqs_on_caller+0x6a/0x220 [ 180.414209][ T7759] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.419690][ T7759] ? retint_kernel+0x2d/0x2d [ 180.424265][ T7759] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.429775][ T7759] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 180.435224][ T7759] ? lockdep_hardirqs_on+0x418/0x5d0 [ 180.440497][ T7759] ? retint_kernel+0x2d/0x2d [ 180.445072][ T7759] ? trace_hardirqs_on_caller+0x6a/0x220 [ 180.450787][ T7759] ? retint_kernel+0x2d/0x2d [ 180.455367][ T7759] ? ipip_gro_receive+0x100/0x100 [ 180.460385][ T7759] inet_sendmsg+0x147/0x5e0 [ 180.464870][ T7759] ? rawv6_getsockopt+0x150/0x150 [ 180.469873][ T7759] ? inet_sendmsg+0x147/0x5e0 [ 180.474531][ T7759] ? ipip_gro_receive+0x100/0x100 [ 180.479651][ T7759] sock_sendmsg+0xdd/0x130 [ 180.484071][ T7759] sock_write_iter+0x27c/0x3e0 [ 180.488958][ T7759] ? sock_sendmsg+0x130/0x130 [ 180.493641][ T7759] ? iov_iter_init+0x30/0x220 [ 180.498305][ T7759] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 180.504559][ T7759] ? iov_iter_init+0xee/0x220 [ 180.510014][ T7759] new_sync_write+0x4c7/0x760 [ 180.514885][ T7759] ? default_llseek+0x2e0/0x2e0 [ 180.519839][ T7759] ? common_file_perm+0x238/0x720 [ 180.524861][ T7759] ? apparmor_file_permission+0x25/0x30 [ 180.530424][ T7759] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 180.536838][ T7759] ? security_file_permission+0x94/0x380 [ 180.542595][ T7759] __vfs_write+0xe4/0x110 [ 180.546932][ T7759] vfs_write+0x20c/0x580 [ 180.551198][ T7759] ksys_write+0xea/0x1f0 [ 180.555435][ T7759] ? __ia32_sys_read+0xb0/0xb0 [ 180.560364][ T7759] ? do_syscall_64+0x26/0x610 [ 180.565043][ T7759] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.571097][ T7759] ? do_syscall_64+0x26/0x610 [ 180.576458][ T7759] __x64_sys_write+0x73/0xb0 [ 180.581035][ T7759] do_syscall_64+0x103/0x610 [ 180.585822][ T7759] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.591698][ T7759] RIP: 0033:0x4582b9 [ 180.595582][ T7759] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 180.615267][ T7759] RSP: 002b:00007fa948a85c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 180.623843][ T7759] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 180.631805][ T7759] RDX: 0000000000000143 RSI: 00000000200001c0 RDI: 0000000000000004 [ 180.639794][ T7759] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 180.647970][ T7759] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa948a866d4 [ 180.655939][ T7759] R13: 00000000004c7a3b R14: 00000000004ddaf0 R15: 00000000ffffffff 04:39:15 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="ab8cce9aa8bc2038bdd0b55368d7205869e899b729c8c77f169e35b495a40bb6c211c80eb7ea5b2a7058ade301e3a620c6a41d3619d57f7833c5813e322e68bfea8b79a6698e3fc5a87fb2da49a0d50b556ee26170101476ee960092e5ae338abd3d6c946908329e538bd8c0fe742f652df4bf9cb182d00d5c02531c17da3654f6fb1b1671a8ca3faf760c2e3abc10801dbc1651fa090c695d8c679d1ad1530f0f299eb65aded0bddc502c0a7f77a31caf86b2232ce027e1818e9c89bdea33e1cb169c8e4da6f8431aabbd4c2cccce98d2c4162f1754165652014107bcb1715b96287c6051f4a049658d026e0fa510e1379ea3037420e4bcf805d89ac9ce7108a03b8ed19ac6e7d372f42e5de56fd405309458a8269139fc3b9a5a4af5a276577a8a2b21778d072433333ad038301deac5b99c4fd0d26d238e454feb95370924a23cde"], 0x143) 04:39:15 executing program 1: mkdir(&(0x7f0000000bc0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000001c0)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) linkat(r0, &(0x7f0000000000)='./file0\x00', 0xffffffffffffffff, 0x0, 0x0) 04:39:15 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$sock_ifreq(r0, 0x8000200008924, &(0x7f0000000000)={'batadv0\x00', @ifru_settings={0x1, 0x0, @fr_pvc=0x0}}) 04:39:15 executing program 0: signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd) write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$inet(r0, &(0x7f0000000080), &(0x7f00000001c0)=0x10) unlink(0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000680)={0x0, @in={{0x2, 0x4e22, @dev}}, 0x3ff, 0x0, 0x401, 0xf1, 0x4}, 0x98) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:39:15 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='\x00\xcd\x94\xa4\x84\x00\b\x00\x00\x00\x00\x00\x00]\v\xbf\x9a\xcb') renameat2(r0, &(0x7f0000000040)='./bus\x00', r0, &(0x7f0000000080)='./bus\x00', 0x0) 04:39:15 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x20800000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x10000}) perf_event_open(&(0x7f0000000040)={0x0, 0x23b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) fstat(r2, &(0x7f0000000140)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004}) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:39:15 executing program 2: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000280)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000440)=[{&(0x7f0000000580)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) 04:39:15 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000040)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000300)={0x200000000bf}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc05c5340, &(0x7f00000003c0)={0x0, @time}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue0\x00'}) r1 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x14) 04:39:15 executing program 4: unshare(0x600) r0 = perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) open(0x0, 0x0, 0x0) fcntl$setpipe(r0, 0x407, 0x1) getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1f}, 0x0) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, 0x0) 04:39:16 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x20800000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x10000}) perf_event_open(&(0x7f0000000040)={0x0, 0x23b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) fstat(r2, &(0x7f0000000140)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004}) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:39:16 executing program 5: r0 = socket(0x20000000000000a, 0x2000000000001, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'bond0\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'bond0\x00', 0xffb}) [ 181.010271][ T7772] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 181.055093][ T7772] FAT-fs (loop0): Filesystem has been set read-only [ 181.086546][ T7772] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) 04:39:16 executing program 0: signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd) write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$inet(r0, &(0x7f0000000080), &(0x7f00000001c0)=0x10) unlink(0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:39:16 executing program 2: unshare(0x600) r0 = perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x21) getsockname$unix(r1, &(0x7f0000000040)=@abs, &(0x7f00000002c0)=0x6e) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) fcntl$setpipe(r0, 0x407, 0x1) getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000300)={0x0, 0x100000001, 0x963, 0x1f}, &(0x7f0000000340)=0x10) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) pwrite64(r2, 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f00000007c0)={0x0, 0x0, 0x1, 'queue1\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000500)={0x2, 0x2}) unlinkat(0xffffffffffffffff, &(0x7f0000000640)='./file0\x00', 0x200) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x2000) 04:39:16 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") syz_mount_image$xfs(&(0x7f0000000180)='xfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 04:39:16 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22) 04:39:16 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22) [ 181.530143][ T7804] device bond0 entered promiscuous mode [ 181.542855][ T7821] XFS (loop4): Invalid superblock magic number [ 181.547731][ T7807] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 181.561553][ T7804] device bond_slave_0 entered promiscuous mode 04:39:16 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22) [ 181.578430][ T7804] device bond_slave_1 entered promiscuous mode [ 181.588264][ T7807] FAT-fs (loop0): Filesystem has been set read-only [ 181.615783][ T7807] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) [ 181.626624][ T7804] 8021q: adding VLAN 0 to HW filter on device bond0 04:39:16 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='\x00\xcd\x94\xa4\x84\x00\b\x00\x00\x00\x00\x00\x00]\v\xbf\x9a\xcb') mknodat(r0, &(0x7f0000000480)='./bus\x00', 0x0, 0x0) 04:39:16 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22) 04:39:16 executing program 1: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup3(r0, r1, 0x0) ioctl$RTC_SET_TIME(r2, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3, 0x0, 0xfff}) 04:39:16 executing program 0: signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd) write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$inet(r0, &(0x7f0000000080), &(0x7f00000001c0)=0x10) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:39:16 executing program 3: bpf$PROG_LOAD(0x5, 0x0, 0x0) [ 181.866869][ T7801] device bond0 left promiscuous mode [ 181.876911][ T7801] device bond_slave_0 left promiscuous mode [ 181.902417][ T7801] device bond_slave_1 left promiscuous mode [ 182.094472][ T7804] device bond0 entered promiscuous mode [ 182.134298][ T7804] device bond_slave_0 entered promiscuous mode [ 182.185323][ T7804] device bond_slave_1 entered promiscuous mode [ 182.214504][ T7804] 8021q: adding VLAN 0 to HW filter on device bond0 04:39:17 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') lseek(r0, 0xfffffffffffffffd, 0x0) 04:39:17 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r0, &(0x7f00000003c0)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000040)={0x0, 0x23b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) fstat(r2, &(0x7f0000000140)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004}) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:39:17 executing program 3: bpf$PROG_LOAD(0x5, 0x0, 0x0) 04:39:17 executing program 2: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_UIE_ON(r0, 0x7003) ioctl$RTC_UIE_OFF(r0, 0x7004) 04:39:17 executing program 5: socketpair$unix(0x1, 0x7, 0x0, &(0x7f00000000c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000680)='stat\x00') r2 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f00000002c0)={@mcast1, @mcast1, @mcast1, 0x0, 0x0, 0x0, 0xb, 0x0, 0x10000000200}) r3 = dup(r0) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000640)='fou\x00') sendmsg$FOU_CMD_GET(r3, &(0x7f0000000700)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x820000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="06002bbd7000fbdbdf25030000000800040001000000080001004e"], 0x1}, 0x1, 0x0, 0x0, 0x80}, 0x240440d4) syz_genetlink_get_family_id$tipc(&(0x7f00000003c0)='TIPC\x00') ioctl$VIDIOC_S_AUDIO(0xffffffffffffffff, 0x40345622, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_MON_SET(r4, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4844}, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) readv(r5, &(0x7f0000000100), 0x0) sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) [ 182.299843][ T7857] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) 04:39:17 executing program 0: signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd) write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:39:17 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22) 04:39:17 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') write$FUSE_WRITE(r0, 0x0, 0x0) 04:39:17 executing program 4: syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 04:39:17 executing program 1: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(0x0) syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000001c0)='memory.high\x00f\xe0\a\xbc\x19W\x95\bY\xe6\x1a\x10L\x84Q\xcd\xf5\xa1c\x8f\xe9I5R=\xad\xfa\x9c\aY\xef\x01,\xc25K\x8b\xf9\x0e\x90\xff<\x00\xa9\xe0x\xfaq\xd7-Z\f\x85&\"<\xb8Y\x8aD\xc7\x00\xe7\xe4 \xa2\xb6g(Z\xd5w\x84\xd1\x99X\xdaQ+-\xf1\v$\xcdv\xe6`\\\xc4\xdf\x1eN\x8c\\\x9c\xe8T\x06\x8eLk\x88\x9d2d\xe0:3S\xef\x8b\x10\xa8\x89\xa4\xfe\xea\x01\x05\xfb\x81\x7f\x15\xe4b\xf0\x9c[\x91\x1d \xc0>\xaeg\xaa\r\xe5\r\xc7x.\x8c8\x83\x8eIO\xb8\\N1#H\xf2\x8f\x03V\xcf\xdb\xc8\xda\xa7)\x7f\xe6\xe3[\xf3', 0x2, 0x0) writev(r1, &(0x7f0000000700), 0x10000000000000bf) 04:39:17 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22) 04:39:17 executing program 2: r0 = socket(0x2, 0x5, 0x0) connect$unix(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="82022e2fe6696c653000"], 0x1) 04:39:17 executing program 5: socketpair$unix(0x1, 0x7, 0x0, &(0x7f00000000c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000680)='stat\x00') r2 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f00000002c0)={@mcast1, @mcast1, @mcast1, 0x0, 0x0, 0x0, 0xb, 0x0, 0x10000000200}) r3 = dup(r0) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000640)='fou\x00') sendmsg$FOU_CMD_GET(r3, &(0x7f0000000700)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x820000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="06002bbd7000fbdbdf25030000000800040001000000080001004e"], 0x1}, 0x1, 0x0, 0x0, 0x80}, 0x240440d4) syz_genetlink_get_family_id$tipc(&(0x7f00000003c0)='TIPC\x00') ioctl$VIDIOC_S_AUDIO(0xffffffffffffffff, 0x40345622, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_MON_SET(r4, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4844}, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) readv(r5, &(0x7f0000000100), 0x0) sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 04:39:17 executing program 2: r0 = open(&(0x7f0000000080)='./file0\x00', 0x80000000000206, 0x0) truncate(&(0x7f0000000000)='./file0\x00', 0x208020001) lseek(r0, 0x0, 0x3) poll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0) socket$inet6_udp(0x1c, 0x2, 0x0) exit(0x0) mprotect(&(0x7f0000ff9000/0x5000)=nil, 0x5000, 0x0) poll(0x0, 0x0, 0x0) socket$inet6_udp(0x1c, 0x2, 0x0) [ 182.840781][ T7910] XFS (loop4): Invalid superblock magic number 04:39:18 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22) 04:39:18 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 04:39:18 executing program 5: r0 = syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000040)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000300)={0x200000000bf}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{}, {0x0, 0x1c9c380}}, 0x0) tkill(r2, 0x14) 04:39:18 executing program 0: signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd) write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:39:18 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 04:39:18 executing program 1: openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(0x0) syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000001c0)='memory.high\x00f\xe0\a\xbc\x19W\x95\bY\xe6\x1a\x10L\x84Q\xcd\xf5\xa1c\x8f\xe9I5R=\xad\xfa\x9c\aY\xef\x01,\xc25K\x8b\xf9\x0e\x90\xff<\x00\xa9\xe0x\xfaq\xd7-Z\f\x85&\"<\xb8Y\x8aD\xc7\x00\xe7\xe4 \xa2\xb6g(Z\xd5w\x84\xd1\x99X\xdaQ+-\xf1\v$\xcdv\xe6`\\\xc4\xdf\x1eN\x8c\\\x9c\xe8T\x06\x8eLk\x88\x9d2d\xe0:3S\xef\x8b\x10\xa8\x89\xa4\xfe\xea\x01\x05\xfb\x81\x7f\x15\xe4b\xf0\x9c[\x91\x1d \xc0>\xaeg\xaa\r\xe5\r\xc7x.\x8c8\x83\x8eIO\xb8\\N1#H\xf2\x8f\x03V\xcf\xdb\xc8\xda\xa7)\x7f\xe6\xe3[\xf3', 0x2, 0x0) writev(r1, &(0x7f0000000700), 0x10000000000000bf) 04:39:18 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 04:39:18 executing program 4: ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f00000000c0)) r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000080)=ANY=[@ANYBLOB="0000000003"]) 04:39:18 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, 0x0, 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 04:39:18 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000001c0)='memory.high\x00f\xe0\a\xbc\x19W\x95\bY\xe6\x1a\x10L\x84Q\xcd\xf5\xa1c\x8f\xe9I5R=\xad\xfa\x9c\aY\xef\x01,\xc25K\x8b\xf9\x0e\x90\xff<\x00\xa9\xe0x\xfaq\xd7-Z\f\x85&\"<\xb8Y\x8aD\xc7\x00\xe7\xe4 \xa2\xb6g(Z\xd5w\x84\xd1\x99X\xdaQ+-\xf1\v$\xcdv\xe6`\\\xc4\xdf\x1eN\x8c\\\x9c\xe8T\x06\x8eLk\x88\x9d2d\xe0:3S\xef\x8b\x10\xa8\x89\xa4\xfe\xea\x01\x05\xfb\x81\x7f\x15\xe4b\xf0\x9c[\x91\x1d \xc0>\xaeg\xaa\r\xe5\r\xc7x.\x8c8\x83\x8eIO\xb8\\N1#H\xf2\x8f\x03V\xcf\xdb\xc8\xda\xa7)\x7f\xe6\xe3[\xf3', 0x2, 0x0) writev(r1, &(0x7f0000000700), 0x10000000000000bf) 04:39:18 executing program 4: syz_emit_ethernet(0x300b22, &(0x7f0000000080)={@local, @empty, [], {@arp={0x806, @ether_ipv4={0xf000, 0x6000, 0x6, 0x4, 0x0, @local, @dev, @dev}}}}, 0x0) 04:39:18 executing program 2: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGMASK(r1, 0x80104592, 0x0) 04:39:18 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, 0x0, 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 04:39:18 executing program 4: 04:39:19 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socket$bt_rfcomm(0x1f, 0x0, 0x3) 04:39:19 executing program 0: signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd) write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:39:19 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, 0xffffffffffffffff) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, 0x0, 0x0) 04:39:19 executing program 1: 04:39:19 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, 0x0, 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 04:39:19 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) epoll_create(0x0) r0 = socket$key(0xf, 0x3, 0x2) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) getsockname(r0, &(0x7f0000000180)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, &(0x7f0000000240)=0x80) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, &(0x7f00000004c0)='\x00', 0xffffffffffffffff}, 0x30) getresuid(&(0x7f0000000580), &(0x7f00000005c0), &(0x7f0000000600)) lstat(&(0x7f0000000640)='./bus\x00', &(0x7f0000000680)) gettid() r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000080)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r2, &(0x7f0000000c40)=ANY=[@ANYBLOB="00db3e34f9fac2b839eb3455d72f9527de4211d4e737ff10bf66a096b93cc21f3b6ae8a1209b80de849500000000000000000047a18a4e5aeca69944f20da3fcb4af4e0076ccc73f13f0f19107a88840d2d0e930428c72311e2554b6677bee65"], 0x60) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(&(0x7f0000001e00)='./bus\x00') sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) mkdir(&(0x7f0000001540)='./file0\x00', 0x0) 04:39:19 executing program 5: 04:39:19 executing program 5: 04:39:19 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22) [ 184.162155][ T8017] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8017 [ 184.172156][ T8017] caller is ip6_finish_output+0x335/0xdc0 [ 184.177909][ T8017] CPU: 0 PID: 8017 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 184.186922][ T8017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.196976][ T8017] Call Trace: [ 184.200286][ T8017] dump_stack+0x172/0x1f0 [ 184.204610][ T8017] __this_cpu_preempt_check+0x246/0x270 [ 184.210144][ T8017] ip6_finish_output+0x335/0xdc0 [ 184.215083][ T8017] ip6_output+0x235/0x7f0 [ 184.219411][ T8017] ? ip6_finish_output+0xdc0/0xdc0 [ 184.224668][ T8017] ? ip6_fragment+0x3980/0x3980 [ 184.229510][ T8017] ip6_xmit+0xe41/0x20c0 [ 184.233748][ T8017] ? ip6_finish_output2+0x2550/0x2550 [ 184.239107][ T8017] ? mark_held_locks+0xf0/0xf0 [ 184.243857][ T8017] ? ip6_setup_cork+0x1870/0x1870 [ 184.248878][ T8017] inet6_csk_xmit+0x2fb/0x5d0 [ 184.253542][ T8017] ? inet6_csk_update_pmtu+0x190/0x190 [ 184.258987][ T8017] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.265216][ T8017] ? csum_ipv6_magic+0x20/0x80 [ 184.269984][ T8017] __tcp_transmit_skb+0x1a32/0x3750 [ 184.275165][ T8017] ? tcp_connect+0x1184/0x4280 [ 184.279920][ T8017] ? __tcp_select_window+0x8b0/0x8b0 [ 184.285188][ T8017] ? lockdep_hardirqs_on+0x418/0x5d0 [ 184.290458][ T8017] ? trace_hardirqs_on+0x67/0x230 [ 184.295469][ T8017] ? tcp_rbtree_insert+0x188/0x200 [ 184.300581][ T8017] tcp_connect+0x2e18/0x4280 [ 184.305178][ T8017] ? tcp_push_one+0x110/0x110 [ 184.309855][ T8017] ? secure_tcpv6_ts_off+0x24f/0x360 [ 184.315128][ T8017] ? secure_dccpv6_sequence_number+0x280/0x280 [ 184.321449][ T8017] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.327674][ T8017] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.333897][ T8017] ? prandom_u32_state+0x13/0x180 [ 184.338967][ T8017] tcp_v6_connect+0x150b/0x20a0 [ 184.344013][ T8017] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 184.349298][ T8017] __inet_stream_connect+0x83f/0xea0 [ 184.354709][ T8017] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 184.359979][ T8017] ? __inet_stream_connect+0x83f/0xea0 [ 184.365534][ T8017] ? mark_held_locks+0xa4/0xf0 [ 184.370285][ T8017] ? inet_dgram_connect+0x2e0/0x2e0 [ 184.375664][ T8017] ? lock_sock_nested+0x9a/0x120 [ 184.380703][ T8017] ? trace_hardirqs_on+0x67/0x230 [ 184.385708][ T8017] ? lock_sock_nested+0x9a/0x120 [ 184.390628][ T8017] ? __local_bh_enable_ip+0x15a/0x270 [ 184.396078][ T8017] inet_stream_connect+0x58/0xa0 [ 184.401014][ T8017] __sys_connect+0x266/0x330 [ 184.405591][ T8017] ? __ia32_sys_accept+0xb0/0xb0 [ 184.410514][ T8017] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 184.416753][ T8017] ? put_timespec64+0xda/0x140 [ 184.421651][ T8017] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.427100][ T8017] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.432544][ T8017] ? do_syscall_64+0x26/0x610 [ 184.437231][ T8017] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.443277][ T8017] ? do_syscall_64+0x26/0x610 [ 184.447943][ T8017] __x64_sys_connect+0x73/0xb0 [ 184.452692][ T8017] do_syscall_64+0x103/0x610 [ 184.457270][ T8017] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.463142][ T8017] RIP: 0033:0x4582b9 [ 184.467021][ T8017] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 184.486804][ T8017] RSP: 002b:00007f9d55882c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 184.495307][ T8017] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 184.503370][ T8017] RDX: 000000000000001c RSI: 0000000020000080 RDI: 0000000000000003 04:39:19 executing program 1: [ 184.511327][ T8017] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 184.519283][ T8017] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d558836d4 [ 184.527238][ T8017] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff 04:39:19 executing program 5: 04:39:19 executing program 1: 04:39:19 executing program 5: [ 184.870327][ T8017] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8017 [ 184.880085][ T8017] caller is ip6_finish_output+0x335/0xdc0 [ 184.886020][ T8017] CPU: 0 PID: 8017 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19 [ 184.895063][ T8017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.902456][ T8027] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 184.905123][ T8017] Call Trace: [ 184.905176][ T8017] dump_stack+0x172/0x1f0 [ 184.905202][ T8017] __this_cpu_preempt_check+0x246/0x270 [ 184.905222][ T8017] ip6_finish_output+0x335/0xdc0 [ 184.932331][ T8017] ip6_output+0x235/0x7f0 [ 184.936789][ T8017] ? ip6_finish_output+0xdc0/0xdc0 [ 184.942523][ T8017] ? ip6_fragment+0x3980/0x3980 [ 184.947477][ T8017] ip6_xmit+0xe41/0x20c0 [ 184.947501][ T8017] ? ip6_finish_output2+0x2550/0x2550 [ 184.954758][ T8027] FAT-fs (loop0): Filesystem has been set read-only [ 184.957163][ T8017] ? mark_held_locks+0xf0/0xf0 [ 184.957186][ T8017] ? ip6_setup_cork+0x1870/0x1870 [ 184.957219][ T8017] inet6_csk_xmit+0x2fb/0x5d0 [ 184.957239][ T8017] ? inet6_csk_update_pmtu+0x190/0x190 [ 184.973758][ T8017] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.973787][ T8017] ? csum_ipv6_magic+0x20/0x80 [ 184.973808][ T8017] __tcp_transmit_skb+0x1a32/0x3750 [ 184.973825][ T8017] ? tcp_connect+0x1184/0x4280 [ 185.001035][ T8027] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) [ 185.005260][ T8017] ? __tcp_select_window+0x8b0/0x8b0 [ 185.005275][ T8017] ? lockdep_hardirqs_on+0x418/0x5d0 [ 185.005290][ T8017] ? trace_hardirqs_on+0x67/0x230 [ 185.005307][ T8017] ? tcp_rbtree_insert+0x188/0x200 [ 185.005323][ T8017] tcp_connect+0x2e18/0x4280 [ 185.005349][ T8017] ? tcp_push_one+0x110/0x110 [ 185.005364][ T8017] ? secure_tcpv6_ts_off+0x24f/0x360 [ 185.005379][ T8017] ? secure_dccpv6_sequence_number+0x280/0x280 [ 185.005398][ T8017] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.061255][ T8017] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.067510][ T8017] ? prandom_u32_state+0x13/0x180 [ 185.072643][ T8017] tcp_v6_connect+0x150b/0x20a0 [ 185.077513][ T8017] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 185.082842][ T8017] __inet_stream_connect+0x83f/0xea0 [ 185.088135][ T8017] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 185.093525][ T8017] ? __inet_stream_connect+0x83f/0xea0 [ 185.098993][ T8017] ? mark_held_locks+0xa4/0xf0 [ 185.103765][ T8017] ? inet_dgram_connect+0x2e0/0x2e0 [ 185.108992][ T8017] ? lock_sock_nested+0x9a/0x120 [ 185.113941][ T8017] ? trace_hardirqs_on+0x67/0x230 [ 185.118975][ T8017] ? lock_sock_nested+0x9a/0x120 [ 185.124277][ T8017] ? __local_bh_enable_ip+0x15a/0x270 [ 185.129668][ T8017] inet_stream_connect+0x58/0xa0 [ 185.134618][ T8017] __sys_connect+0x266/0x330 [ 185.139219][ T8017] ? __ia32_sys_accept+0xb0/0xb0 [ 185.144161][ T8017] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 185.150579][ T8017] ? put_timespec64+0xda/0x140 [ 185.155365][ T8017] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.160828][ T8017] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 185.166378][ T8017] ? do_syscall_64+0x26/0x610 [ 185.171067][ T8017] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.177141][ T8017] ? do_syscall_64+0x26/0x610 [ 185.181919][ T8017] __x64_sys_connect+0x73/0xb0 [ 185.186691][ T8017] do_syscall_64+0x103/0x610 [ 185.191290][ T8017] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.197188][ T8017] RIP: 0033:0x4582b9 [ 185.201094][ T8017] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 04:39:20 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22) 04:39:20 executing program 4: 04:39:20 executing program 1: 04:39:20 executing program 5: [ 185.220707][ T8017] RSP: 002b:00007f9d55882c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 185.229127][ T8017] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 185.237106][ T8017] RDX: 000000000000001c RSI: 0000000020000080 RDI: 0000000000000004 [ 185.245086][ T8017] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 185.253065][ T8017] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d558836d4 [ 185.261053][ T8017] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff 04:39:20 executing program 2: 04:39:20 executing program 1: 04:39:20 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22) 04:39:20 executing program 5: 04:39:20 executing program 4: 04:39:20 executing program 1: 04:39:20 executing program 5: 04:39:20 executing program 2: 04:39:20 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 04:39:20 executing program 5: 04:39:20 executing program 4: 04:39:20 executing program 1: 04:39:20 executing program 2: 04:39:20 executing program 0: signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd) write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:39:21 executing program 0: signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd) write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:39:21 executing program 2: 04:39:21 executing program 1: 04:39:21 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 04:39:21 executing program 4: 04:39:21 executing program 5: 04:39:21 executing program 1: 04:39:21 executing program 2: 04:39:21 executing program 4: 04:39:21 executing program 5: 04:39:21 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 04:39:21 executing program 1: 04:39:22 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$sock_ifreq(r0, 0x8000200008924, &(0x7f0000000000)={'batadv0\x00', @ifru_settings={0x1, 0xff, @fr_pvc=0x0}}) 04:39:22 executing program 5: 04:39:22 executing program 4: 04:39:22 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x70) 04:39:22 executing program 0: signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:39:22 executing program 1: [ 186.879727][ T8116] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 186.888836][ T8116] FAT-fs (loop0): Filesystem has been set read-only [ 186.897810][ T8116] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) 04:39:22 executing program 5: 04:39:22 executing program 1: 04:39:22 executing program 4: 04:39:22 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x70) 04:39:22 executing program 5: 04:39:22 executing program 1: 04:39:22 executing program 2: 04:39:22 executing program 4: 04:39:22 executing program 0: signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:39:22 executing program 1: 04:39:22 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x70) 04:39:22 executing program 5: 04:39:22 executing program 2: 04:39:22 executing program 4: 04:39:22 executing program 1: 04:39:22 executing program 4: 04:39:22 executing program 2: 04:39:22 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x70) 04:39:22 executing program 5: 04:39:22 executing program 0: signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:39:22 executing program 5: 04:39:22 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x70) 04:39:22 executing program 4: 04:39:22 executing program 2: 04:39:22 executing program 1: 04:39:22 executing program 4: 04:39:22 executing program 1: 04:39:22 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x70) 04:39:22 executing program 5: 04:39:22 executing program 2: 04:39:22 executing program 0: signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x8080fffffffe)